merge

packages/bsky/src/auth-verifier.ts

@@ -211,7 +211,7 @@ export class AuthVerifier {
       }
       const [did, serviceId] = iss.split('#')
       const keyId =
-        serviceId === 'atproto-labeler' ? 'atproto-label' : 'atproto'
+        serviceId === 'atproto_labeler' ? 'atproto_label' : 'atproto'
       let identity: GetIdentityByDidResponse
       try {
         identity = await this.dataplane.getIdentityByDid({ did })

packages/dev-env/src/network.ts

@@ -3,12 +3,11 @@ import * as uint8arrays from 'uint8arrays'
 import getPort from 'get-port'
 import { wait } from '@atproto/common-web'
 import { createServiceJwt } from '@atproto/xrpc-server'
-import { Client as PlcClient } from '@did-plc/lib'
 import { TestServerParams } from './types'
 import { TestPlc } from './plc'
 import { TestPds } from './pds'
 import { TestBsky } from './bsky'
-import { TestOzone } from './ozone'
+import { TestOzone, createOzoneDid } from './ozone'
 import { mockNetworkUtilities } from './util'
 import { TestNetworkNoAppView } from './network-no-appview'
 import { Secp256k1Keypair } from '@atproto/crypto'
@@ -43,13 +42,7 @@ export class TestNetwork extends TestNetworkNoAppView {
     const ozonePort = params.ozone?.port ?? (await getPort())
 
     const ozoneKey = await Secp256k1Keypair.create({ exportable: true })
-    const ozoneDid = await new PlcClient(plc.url).createDid({
-      signingKey: ozoneKey.did(),
-      rotationKeys: [ozoneKey.did()],
-      handle: 'ozone.test',
-      pds: `http://pds.invalid`,
-      signer: ozoneKey,
-    })
+    const ozoneDid = await createOzoneDid(plc.url, ozoneKey)
 
     const bsky = await TestBsky.create({
       port: bskyPort,

packages/dev-env/src/ozone.ts

@@ -1,14 +1,14 @@
 import getPort from 'get-port'
 import * as ui8 from 'uint8arrays'
+import * as plc from '@did-plc/lib'
 import * as ozone from '@atproto/ozone'
 import { AtpAgent } from '@atproto/api'
-import { Secp256k1Keypair } from '@atproto/crypto'
-import { Client as PlcClient } from '@did-plc/lib'
+import { createServiceJwt } from '@atproto/xrpc-server'
+import { Keypair, Secp256k1Keypair } from '@atproto/crypto'
 import { DidAndKey, OzoneConfig } from './types'
 import { ADMIN_PASSWORD } from './const'
 import { createDidAndKey } from './util'
 import { ModeratorClient } from './moderator-client'
-import { createServiceJwt } from '@atproto/xrpc-server'
 
 export class TestOzone {
   constructor(
@@ -27,14 +27,7 @@ export class TestOzone {
     const signingKeyHex = ui8.toString(await serviceKeypair.export(), 'hex')
     let serverDid = config.serverDid
     if (!serverDid) {
-      const plcClient = new PlcClient(config.plcUrl)
-      serverDid = await plcClient.createDid({
-        signingKey: serviceKeypair.did(),
-        rotationKeys: [serviceKeypair.did()],
-        handle: 'ozone.test',
-        pds: `https://pds.invalid`,
-        signer: serviceKeypair,
-      })
+      serverDid = await createOzoneDid(config.plcUrl, serviceKeypair)
     }
 
     const admin = await createDidAndKey({
@@ -57,6 +50,7 @@ export class TestOzone {
 
     const port = config.port || (await getPort())
     const url = `http://localhost:${port}`
+
     const env: ozone.OzoneEnvironment = {
       devMode: true,
       version: '0.0.0',
@@ -154,3 +148,31 @@ export class TestOzone {
     await this.server.destroy()
   }
 }
+
+export const createOzoneDid = async (
+  plcUrl: string,
+  keypair: Keypair,
+): Promise<string> => {
+  const plcClient = new plc.Client(plcUrl)
+  const plcOp = await plc.signOperation(
+    {
+      type: 'plc_operation',
+      alsoKnownAs: [],
+      rotationKeys: [keypair.did()],
+      verificationMethods: {
+        atproto_label: keypair.did(),
+      },
+      services: {
+        atproto_labeler: {
+          type: 'AtprotoLabeler',
+          endpoint: 'https://ozone.public.url',
+        },
+      },
+      prev: null,
+    },
+    keypair,
+  )
+  const did = await plc.didForCreateOp(plcOp)
+  await plcClient.sendOperation(did, plcOp)
+  return did
+}

packages/ozone/src/context.ts

@@ -55,7 +55,7 @@ export class AppContext {
 
     const createAuthHeaders = (aud: string) =>
       createServiceAuthHeaders({
-        iss: cfg.service.did,
+        iss: `${cfg.service.did}#atproto_labeler`,
         aud,
         keypair: signingKey,
       })
@@ -170,7 +170,7 @@ export class AppContext {
   }
 
   async serviceAuthHeaders(aud: string) {
-    const iss = this.cfg.service.did
+    const iss = `${this.cfg.service.did}#atproto_labeler`
     return createServiceAuthHeaders({
       iss,
       aud,

packages/ozone/src/mod-service/views.ts

@@ -25,6 +25,7 @@ import {
 import { REASONOTHER } from '../lexicon/types/com/atproto/moderation/defs'
 import { subjectFromEventRow, subjectFromStatusRow } from './subject'
 import { formatLabel } from './util'
+import { httpLogger as log } from '../logger'
 
 export type AuthHeaders = {
   headers: {
@@ -43,15 +44,20 @@ export class ModerationViews {
     if (dids.length === 0) return new Map()
     const auth = await this.appviewAuth()
     if (!auth) return new Map()
-    const res = await this.appviewAgent.api.com.atproto.admin.getAccountInfos(
-      {
-        dids: dedupeStrs(dids),
-      },
-      auth,
-    )
-    return res.data.infos.reduce((acc, cur) => {
-      return acc.set(cur.did, cur)
-    }, new Map<string, AccountView>())
+    try {
+      const res = await this.appviewAgent.api.com.atproto.admin.getAccountInfos(
+        {
+          dids: dedupeStrs(dids),
+        },
+        auth,
+      )
+      return res.data.infos.reduce((acc, cur) => {
+        return acc.set(cur.did, cur)
+      }, new Map<string, AccountView>())
+    } catch (err) {
+      log.error({ err, dids }, 'failed to resolve account infos from appview')
+      return new Map()
+    }
   }
 
   async repos(dids: string[]): Promise<Map<string, RepoView>> {

packages/pds/src/pipethrough.ts

@@ -154,7 +154,7 @@ export const doProxy = async (url: URL, reqInit: RequestInit) => {
 const isSafeUrl = (url: URL) => {
   if (url.protocol !== 'https:') return false
   if (!url.hostname || url.hostname === 'localhost') return false
-  if (net.isIP(url.hostname) === 0) return false
+  if (net.isIP(url.hostname) !== 0) return false
   return true
 }